Internal Server error "no namespace" on paths /v1/auth/token/lookup-accessor, /v1/auth/token/renew-accessor, /v1/auth/token/revoke-accessor when accessor has random Unicode chars

**Describe the bug**
Making a `POST` at any of the 4 URLs with `accessor` having the supplied value in the JSON examples, results in `500 - Internal Server Error`


**To Reproduce**
Steps to reproduce the behavior:
1. Run curl with the payload supplied in the json files.

[Tests.zip](https://github.com/hashicorp/vault/files/7597582/Tests.zip)

Same steps to reproduce for all paths.

This was discovered while running a fuzzing tool I wrote for OpenAPI specs: https://github.com/Endava/cats. You can replay all the tests using:

`./cats.jar replay --tests="Test349.json,Test785.json,Test1163.json"`

**Expected behavior**
A `400` response.

**Environment:**
* Vault Server Version (retrieve with `vault status`): 1.9.0
* Vault CLI Version (retrieve with `vault version`): Vault v1.9.0
* Server Operating System/Architecture: macOS Monterey 12.0.1 

Probably same root cause as: https://github.com/hashicorp/vault/issues/13225



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Internal Server error "no namespace" on paths /v1/auth/token/lookup-accessor, /v1/auth/token/renew-accessor, /v1/auth/token/revoke-accessor when accessor has random Unicode chars #13274

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Internal Server error "no namespace" on paths /v1/auth/token/lookup-accessor, /v1/auth/token/renew-accessor, /v1/auth/token/revoke-accessor when accessor has random Unicode chars #13274

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions